Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		13.06.2006
Source:
SecurityVulns ID:		6248
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		ZEROBOARD : Zeroboard 4.1
		PHPCMS : phpCMS 1.2
		INVISION : Invision Power Board 2.1
		COPPERMINE : Coppermine Photo Gallery 1.4
		BOASTMACHINE : boastMachine 3.1
		MYBB : MyBB 1.1
		CZARNEWS : CzarNews 1.14
		FOING : Foing 0.7
		AWEBNEWS : aWebNews 1.0
		CABACOS : Cabacos Web CMS 3.8
		AWFCMS : AWF CMS 1.11
		IGLOOWEB : igloo DoubleSpeak 0.1
		MYSCRAPBOOK : Myscrapbook 3.1
		THWBOARD : ThWboard 3.0
		MYPHPGUESTBOOK : myPHP Guestbook 2.0
		MDNEWS : MD News 1
		SAXON : SAXON 4.6
		SOMERY : Somery 0.4
		FLOG : FLog 1.1
		MAMBLOG : Mamblog 1.0
		WHEATBLOG : wheatblog 1.0
		SUBTEXT : SubText 1.5
		LOGISPHERE : LogiSphere 1.6
		CSFORUM : CS-Forum 0.81
CVE:		CVE-2006-7064 (Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.)
		CVE-2006-7002 (Cross-site scripting (XSS) vulnerability in add_comment.php in Wheatblog (wB) 1.1 allows remote attackers to inject arbitrary web script or HTML via the Email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue may overlap CVE-2006-5195.)
		CVE-2006-5195 (Multiple cross-site scripting (XSS) vulnerabilities in Wheatblog 1.0 and 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information.)

Original document		SECUNIA, [SA20592] Zeroboard ".htaccess" File Upload Vulnerability (13.06.2006)
		SECUNIA, [SA20534] CS-Forum Multiple Vulnerabilities (13.06.2006)
		SECUNIA, [SA20578] LogiSphere Cross-Site Scripting Vulnerability (13.06.2006)
		SECUNIA, [SA20580] SubText MultiBlog Admin Logon Security Issue (13.06.2006)
		SECUNIA, [SA20583] Cabacos Web CMS "suchtext" Parameter Cross-Site Scripting (13.06.2006)
		SpC-x, wheatblog 1.0 Version - "wb_inc_dir" Parameter File Inclusion Vulnerability (13.06.2006)
		SpC-x, Mamblog 1.0 Version - Remote File Include Vulnerabilities (13.06.2006)
		SpC-x, Flog 1.1.2 Version - Remote File Include Vulnerabilities (13.06.2006)
		SpC-x, boastMachine v3.1 Version - Remote File Include Vulnerabilities (13.06.2006)
		SpC-x, phphg Guestbook Signed.PHP - Remote File Include Vulnerabilities (13.06.2006)
		SpC-x, Somery 0.4.4 Version - Remote File Include Vulnerabilities (13.06.2006)
		SpC-x, SAXON 4.6 Version - Remote File Include Vulnerabilities (13.06.2006)
		SpC-x, CzarNews v1.14 Version - Remote File Include Vulnerabilities (13.06.2006)
		SpC-x, MD News 1 Version - Remote File Include Vulnerabilities (13.06.2006)
		SpC-x, aWebNews 1.0 version - Remote File Include Vulnerabilities (13.06.2006)
		SpC-x, Simpnews <= All version - Remote File Include Vulnerabilities (13.06.2006)
		kepche_(at)_msn.com, Invision Power Board XSS (13.06.2006)
		x0r_1_(at)_hotmail.de, MIME-tools 5.411 (Entity 5.404) (13.06.2006)
		666_(at)_hell.de.tk, ThWboard 3.0 <= SQL Injection (13.06.2006)
		darkfire_(at)_f4kelive.zzn.com, Foing (manage_songs.php) Remote File Inclusion[phpBB] (13.06.2006)
		imei, [KAPDA::48]CopperminePhotoGallery1.4.8~ addhit() function~ SQLinjection attack (13.06.2006)
		luny_(at)_youfucktard.com, Myscrapbook v3.1 - XSS (13.06.2006)
		SECUNIA, Secunia Research: MyBB "domecode()" PHP Code Execution Vulnerability (13.06.2006)
		aminrayden_(at)_yahoo.com, igloo DoubleSpeak v 0.1 Multiple remote file inclusion (13.06.2006)
		SpC-x, Simpnews <= All version - Remote File Include Vulnerabilities (13.06.2006)

Discuss:

Read or add your comments to this news (0 comments)